
Can the ASA log when Cisco client VPNs log on/log off?

whiteford
Level 1

Hi, I'm moving my IPSec VPNs from my Cisco Concentrator to my ASA 5520. I log (to a syslog server) users that log on and log off; how can I do this on the ASA?

5 Replies

andrew.prince
Level 10

I have all traffic from my ASA logged via syslog, then I filter in my syslog server for what I want to see:-

logging enable

logging buffer-size 14096

logging buffered debugging

logging trap debugging

logging facility ## (used by my syslog server to filter)

logging host <> <>

My syslog sees:-

%ASA-6-602304: IPSEC: An inbound remote access SA between x.x.x.x and x.x.x.x (user= UID) has been created.

%ASA-6-602304: IPSEC: An outbound remote access SA between x.x.x.x and x.x.x.x (user= UID) has been deleted.

HTH
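An added example, not part of the original reply: one way to do the filtering on the syslog-server side for messages in the shape quoted above. The sample lines, host name `asa1`, user `alice` and addresses are constructed; the script assumes a user's session starts with their first SA and ends when their last SA is deleted, so SA churn in between does not show up as extra logons or logoffs.

```python
import re
from collections import defaultdict

# Matches the remote-access SA messages in the shape quoted in the reply above.
# Keyed on the message text, not the numeric ID; any syslog prefix is kept as "stamp".
SA_RE = re.compile(
    r"%ASA-\d-(?P<msgid>\d+): IPSEC: An (?P<direction>inbound|outbound) "
    r"remote access SA between (?P<peer_a>\S+) and (?P<peer_b>\S+) "
    r"\(user=\s*(?P<user>[^)]+?)\s*\) has been (?P<action>created|deleted)\."
)

def parse_sa_event(line):
    """Return the message fields as a dict, or None for unrelated lines."""
    m = SA_RE.search(line)
    return dict(m.groupdict(), stamp=line[:m.start()].strip()) if m else None

def session_events(lines):
    """Reduce SA create/delete messages to one logon and one logoff per session."""
    active = defaultdict(int)          # user -> number of SAs currently up
    events = []
    for line in lines:
        ev = parse_sa_event(line)
        if ev is None:
            continue
        user = ev["user"]
        if ev["action"] == "created":
            active[user] += 1
            if active[user] == 1:      # first SA for this user: logon
                events.append(("logon", user, ev["stamp"]))
        elif active[user] > 0:         # ignore deletes for SAs never seen created
            active[user] -= 1
            if active[user] == 0:      # last SA gone: logoff
                events.append(("logoff", user, ev["stamp"]))
    return events

# Constructed sample lines (not captured from a real device).
_T = ("Jan 12 {t} asa1 %ASA-6-{i}: IPSEC: An {d} remote access SA between "
      "203.0.113.10 and 192.0.2.1 (user= alice) has been {a}.")
SAMPLE = [_T.format(t=t, i=i, d=d, a=a) for t, i, d, a in [
    ("09:15:02", 602303, "inbound", "created"),
    ("09:15:02", 602303, "outbound", "created"),
    ("10:15:02", 602303, "inbound", "created"),   # new SA during the session
    ("10:15:03", 602304, "inbound", "deleted"),   # old SA removed, user still on
    ("11:02:40", 602304, "inbound", "deleted"),
    ("11:02:40", 602304, "outbound", "deleted"),
]]
SAMPLE.insert(2, "Jan 12 09:20:11 asa1 unrelated message (constructed)")

if __name__ == "__main__":
    print(session_events(SAMPLE))
```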

Thanks, does having the ASA set to full debug mode put strain on the ASA? There must be millions of logs coming in?

We run a pair of ASA5540s (1 GB mem, 256 MB flash). We have 60 L2L VPN tunnels terminated, and a min of 100 Remote Access VPNs daily. We run the L2L with 3DES, and the Remote VPN with AES. At peak times, the CPU creeps up to 5% and memory is 90% free... having them run the traps and logs in debug mode does not affect our ASAs.

Depending on the models you have - you might want to test the trap levels first and see the impact.

HTH

Wow, that's a lot of traffic and not much pressure on your ASAs. I will use the CLI you posted on ours and see what happens.

No problem - glad to help.
